MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be7df9b222558c6b2afce6db5b20645bf394901f3d5ba27945d5497a367c8034. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Quakbot


Vendor detections: 9



SHA256 hash: be7df9b222558c6b2afce6db5b20645bf394901f3d5ba27945d5497a367c8034
SHA3-384 hash: 145e1a8f50cba08c791ed6c83a370ee6802fa21745fe2d6cc78493f411ac1e1d4b85f0b5caea1b97dd63b42c54bfe8b1
SHA1 hash: fc121b9909d13381e9bae6ae4e284e637f93dc3c
MD5 hash: f4a1c6ac97447ff75a73977f0f4ced82
humanhash: blue-pip-golf-high
File name: f4a1c6ac97447ff75a73977f0f4ced82.dll
Signature: Quakbot
File size: 836'096 bytes
First seen: 2022-03-23 15:07:31 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: a248a3b8ac41ea7dd4b74ef7db35b79b (3 x Quakbot)
ssdeep: 12288:QXa6A3jArm0Fi0p+dp/VmcBBfY7m8KKkX8eLQRNGoDTStoMsaD2F1PrIGh:QXezAr1i0p+H7BEjwMeGNruaVa6FZh
Threatray: 339 similar samples on MalwareBazaar
TLSH: T1F905BF36E280A5FFC123FA756C36F190AC207DA0D615D44527DEDF4E4B3E6822B64A87
dhash icon: 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter: abuse_ch
Tags: dll Qakbot qbot Quakbot

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 362
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching a process
Creating a window
Modifying an executable file
Creating synchronization primitives
Searching for synchronization primitives
Creating a process with a hidden window
Unauthorized injection to a system process
Enabling autorun by creating a file
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe greyware keylogger packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Quakbot
Status: Malicious
First seen: 2022-03-23 15:08:15 UTC
File Type: PE (Dll)
Extracted files: 71
AV detection: 18 of 23 (78.26%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot botnet:azd campaign:1647016832 banker evasion stealer trojan
Behaviour
Creates scheduled task(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Program crash
Loads dropped DLL
Qakbot/Qbot
Windows security bypass
Malware Config
C2 Extraction:
69.159.200.138:2222
32.221.225.247:995
186.10.247.110:443
71.13.93.154:2222
75.99.168.194:61201
201.145.160.158:443
217.165.79.31:995
206.217.0.154:995
109.12.111.14:443
208.107.221.224:443
70.57.207.83:443
102.184.187.50:995
83.110.153.238:61200
70.46.220.114:443
201.170.181.247:443
91.177.173.10:995
188.55.223.134:995
76.169.147.192:32103
24.55.67.176:443
75.159.9.236:443
31.35.28.29:443
92.177.45.46:2078
108.4.67.252:443
82.152.39.39:443
92.99.229.158:2222
89.101.97.139:443
78.100.194.196:6883
89.211.187.132:2222
67.209.195.198:443
217.128.122.65:2222
76.70.9.169:2222
86.195.158.178:2222
5.32.41.45:443
187.199.203.159:443
120.150.218.241:995
177.207.67.234:993
103.87.95.131:2222
86.184.85.199:443
191.99.191.28:443
172.114.160.81:995
2.50.27.78:443
209.210.95.228:32100
72.76.94.99:443
74.15.2.252:2222
63.153.150.20:443
177.207.67.234:995
177.96.102.51:443
189.253.32.61:995
190.73.3.148:2222
139.228.65.100:2222
72.12.115.90:22
187.170.7.81:443
191.112.23.197:443
173.21.10.71:2222
86.98.11.110:443
76.69.155.202:2222
72.252.201.34:995
207.170.238.231:443
217.165.85.106:993
45.63.1.12:995
90.74.16.2:6881
176.67.56.94:443
93.48.80.198:995
47.180.172.159:443
80.11.74.81:2222
108.60.213.141:443
196.203.37.215:80
75.99.168.194:443
140.82.49.12:443
40.134.247.125:995
72.252.201.34:990
100.1.108.246:443
70.51.139.58:2222
31.215.70.127:443
47.23.89.58:993
24.229.150.54:995
217.165.79.31:443
24.43.99.75:443
63.143.92.99:995
24.178.196.158:2222
45.76.167.26:443
45.76.167.26:995
45.63.1.12:443
140.82.63.183:443
144.202.3.39:995
144.202.3.39:443
149.28.238.199:443
149.28.238.199:995
140.82.63.183:995
173.174.216.62:443
208.101.87.135:443
47.23.89.58:995
144.202.2.175:995
144.202.2.175:443
102.65.38.77:443
176.232.95.25:995
105.186.127.127:995
41.205.12.24:443
203.212.24.90:995
117.248.109.38:21
1.161.97.158:443
197.89.108.75:443
217.128.93.27:2222
71.74.12.34:443
83.110.218.135:32101
5.95.58.211:2087
182.191.92.203:995
103.139.242.30:990
85.1.164.37:2222
79.167.199.210:995
86.97.209.134:2222
103.139.242.30:993
80.14.188.219:2222
180.183.125.141:2222
39.44.188.102:995
160.178.61.138:443
124.41.193.166:443
175.145.235.37:443
139.64.13.51:995
76.25.142.196:443
128.106.122.181:443
86.97.209.134:1194
197.237.74.185:995
58.105.167.35:50000
1.161.97.158:995
121.74.187.191:995
94.26.124.10:995
68.204.7.158:443
47.156.131.10:443
189.146.51.56:443
47.156.191.217:443
73.151.236.31:443
47.180.172.159:50010
96.21.251.127:2222
38.70.253.226:2222
96.246.158.154:995
41.228.22.180:443
45.9.20.200:443
75.188.35.168:443
201.42.65.3:995
86.198.170.170:2222
81.229.130.188:443
209.59.248.140:443
105.224.105.97:995
67.165.206.193:993
103.133.11.10:995
114.79.148.170:443
197.162.123.214:993
86.97.9.241:443
183.82.103.213:443
Unpacked files
SHA256 hash: c85839f837d0312d9fb5440b16fa4fe3769df6d8f986dfaa0b5a28fb9ec80e19
MD5 hash: 64ef451ed87fab51e9629a033e586888
SHA1 hash: 0af62d4a3c8f04aaf74e65850ba2e9f66854a4fe

SHA256 hash: eec8ca90a1e4a5b723ff993d7013ae240c8604e5b0fba8729e0d746415c22406
MD5 hash: a182da7e90136b8edd321724fe72446c
SHA1 hash: 06bb133957140077766a63af1638f22f64bb7426

SHA256 hash: be7df9b222558c6b2afce6db5b20645bf394901f3d5ba27945d5497a367c8034
MD5 hash: f4a1c6ac97447ff75a73977f0f4ced82
SHA1 hash: fc121b9909d13381e9bae6ae4e284e637f93dc3c
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments